Twitch: undisclosed number of user accounts compromised, loads of personal data at risk

Popular video game streaming service Twitch on Monday issued a notice on its blog stating that there may have recently been unauthorized access to some user account information.

The company has reset all passwords and stream keys in addition to disconnecting accounts from Twitter and YouTube. Because of this, all users will need to create a new password the next time they log into Twitch. The Amazon-owned company said it’s also a good idea for users to change their passwords at any other site in which they use the same or even a similar password.

Twitch said it would reach out directly to impacted users with additional details. In one such e-mail obtained by Venture Beat, Twitch said credentials that may have been affected include usernames, e-mail addresses, passwords (which were cryptographically protected), the last IP address a user logged in from and any optional information that a user may have provided.

The latter includes first and last name, phone number, physical address and date of birth. Worse yet, limited credit card information (card type, truncated card number and expiration date) may also have been compromised. Twitch said it does not store or process full credit or debit card information so at least the card number is safe (but not much else it seems).

In addition to creating a new password, applicable users will need to reconnect their accounts with Twitter and YouTube. Twitch isn’t saying much more about the attack as of this writing but we’ll keep our ears open for any additional information on the matter.

It seems like every other day there's a story about some site being hacked or data being poached from somewhere that's supposed to be "safe". If this is the wonderful future of online goodness we've heard so much about these last few years then we are in deep guano.

So this is why I've been getting so much spam over the last few weeks with my Twitch username in the subject line! Twitch needs to give out more details about when and how this happened - cause if it was a month to two weeks ago - my email was certainly stolen and sold to spammers. Lots of Dr. Oz recommends blah blah blah type spam. Ugh. Wish I'd never signed up for Twitch now...

They shouldn't have any kind of credit card information non-encrypted, this sucks big time, with the last 4 digits they can bring a lot of hell on you unless you don't use a single one of them for everything, most sites use those to verify that you are actually the owner, and so on.